exploit the possibilities
Showing 1 - 25 of 386 RSS Feed

Files Date: 2020-02-01 to 2020-02-29

MITREid 1.3.3 Cross Site Scripting
Posted Feb 28, 2020
Authored by Aaron Bishop

MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-5497
MD5 | 4af01c468a0b4372b4ec0d37a9c3cbb6
Microsoft Windows Kernel Privilege Escalation
Posted Feb 28, 2020
Authored by nu11secur1ty

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.

tags | exploit, remote, local, registry
systems | windows
advisories | CVE-2020-0668
MD5 | 10f155214b43543ed6228cacf1da3f77
qdPM Remote Code Execution
Posted Feb 28, 2020
Authored by Tobin Shields

qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.

tags | exploit, remote, shell, code execution
advisories | CVE-2020-7246
MD5 | df9b1db93b79b6c69b0ccf3415728a46
Deciphering The SWIFT-DRIDEX Relationship In Bank
Posted Feb 28, 2020
Authored by Monika Arora, Harsh, Achint Basoya

This whitepaper is a study that gives an overview about what methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.

tags | paper
MD5 | 3ef7c0115d20d15b6ae83d2c02bfe8bc
Nimsoft nimcontroller 7.80 Remote Code Execution
Posted Feb 28, 2020
Authored by wetw0rk

Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8012
MD5 | 191766a5277a4253e369b17103b4ba2c
SerialTweaker 1.1
Posted Feb 28, 2020
Authored by Stefan Broeder, redtimmysec

SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.

tags | tool
systems | unix
MD5 | d914f07f0f241842bdd179051467fe46
Wireshark Analyzer 3.2.2
Posted Feb 28, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple vulnerabilities and bug fixes in dissectors have been addressed.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | e468b78e1176e0212b13ef809f59dcbb
Zeek 3.1.0
Posted Feb 28, 2020
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Added a new supervisor framework that enables Zeek to operate clusters. Various other additions and changes in functionality.
tags | tool, intrusion detection
systems | unix
MD5 | c570719350c921b2c7becfe0e4ee9922
Red Hat Security Advisory 2020-0637-01
Posted Feb 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
MD5 | 8505779ac008b90ba2e38343b215dc69
Red Hat Security Advisory 2020-0638-01
Posted Feb 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
MD5 | d6be3faa418a6e10be9d297a2d90a45b
Samhain File Integrity Checker 4.4.1
Posted Feb 27, 2020
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Fixed compatibility problem with older (version 2.0.x) GnuPG.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 000cc50f337b9153c743fedc3c178d54
Chrome DesktopMediaPickerController::WebContentsDestroyed Use-After-Free
Posted Feb 27, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.

tags | exploit
advisories | CVE-2019-13767
MD5 | 696153f1a945a02c625d23a13667f869
Samsung Kernel Arbitrary /dev/vipx / /dev/vertex kfree
Posted Feb 27, 2020
Authored by Google Security Research, bazad

This function, reached through ioctl VS4L_VERTEXIOC_QBUF in the Samsung kernel, has an error case that cannot function correctly. It reads in an array of pointers from userspace and in-place replaces each userspace pointer with a kernel pointer allocated with kzalloc(). Unfortunately, in the error case it will iterate over all the pointers in the array (regardless of how many, if any, were converted to kernel pointers) and call kfree() on each of them. Thus, all it takes to call kfree() on an arbitrary number of controlled pointers is to make the second copy_from_user() fail after successfully copying in the desired number of pointers to free.

tags | exploit, arbitrary, kernel
MD5 | 05651491fa9a6c8a32c0a6dc538ee2f3
Red Hat Security Advisory 2020-0632-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0632-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659
MD5 | af6adb72a6bf7fc35ce5c81cb8c0ad34
Red Hat Security Advisory 2020-0638-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
MD5 | d6be3faa418a6e10be9d297a2d90a45b
XNU tcp_input Use-After-Free
Posted Feb 27, 2020
Authored by Google Security Research, nedwill

XNU suffers from a use-after-free vulnerability in tcp_input.

tags | exploit
MD5 | 5109da3d6da1dda43fca2c712bf5f5a2
Red Hat Security Advisory 2020-0634-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0634-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
MD5 | 6c18d79e6baafe4b7b430b7686798a16
I2P 0.9.45
Posted Feb 27, 2020
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various bug fixes.
tags | tool
systems | unix
MD5 | 4b03d210881221c0ea06cd9e4caf0f35
Red Hat Security Advisory 2020-0631-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0631-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
MD5 | 6285ebc751d08f8d9c98997f39b3ca0d
Red Hat Security Advisory 2020-0633-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0633-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
MD5 | c6c11c080987f7a4be2599acc6575436
Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition
Posted Feb 27, 2020
Authored by Google Security Research, bazad

In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl, and then close it in multiple threads in parallel with the HDCP_IOC_SESSION_CLOSE. Since no locking is implemented in hdcp_session_close(), memory will be corrupted and the system will become unstable.

tags | exploit, kernel
MD5 | d4c16edeb7e9bb6b2a66c4a9bfe48796
Samsung Kernel /dev/vipx Pointer Leak
Posted Feb 27, 2020
Authored by Google Security Research, bazad

The function __vipx_ioctl_put_container() in the Samsung kernel calls copy_to_user() on a vs4l_container_list structure that contains a kernel pointer, exposing that kernel pointer to userspace just before it gets passed to kfree().

tags | exploit, kernel
MD5 | 4d763dd7a0edc38113e6a84e2a16619c
Red Hat Security Advisory 2020-0526-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0526-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19351
MD5 | 5aefe9f768193d95b9edcdf6975f9ad7
Red Hat Security Advisory 2020-0630-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0630-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
MD5 | ef5027fdb910dbc4fc3b4c7bea90fa6f
Comtrend VR-3033 Command Injection
Posted Feb 27, 2020
Authored by Raki Ben Hamouda

Comtrend VR-3033 suffers from a command injection vulnerability.

tags | exploit
MD5 | 1068034443ae0a1d32707c90982e884d
Page 1 of 16
Back12345Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    31 Files
  • 8
    Apr 8th
    18 Files
  • 9
    Apr 9th
    11 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close